glenux/teaching-webterm
glenux/teaching-webterm
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

ansible: finalize config

Browse source
This commit is contained in:
Glenn Y. Rolland 2022-06-16 17:53:52 +02:00
parent 9118f64a03
commit 0cc199dd1f
5 changed files with 102 additions and 16 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
ansible/group_vars/all/vars.yml
View file

@ -3,5 +3,6 @@
sshwifty_internal_port: 8080
sshwifty_configuration_directory: "/etc/sshwifty"
sshwifty_work_directory: "/var/lib/sshwifty"
sshwifty_gateway_access: false
#

1
ansible/host_vars/prod-gateway4/vars.yml
View file

@ -0,0 +1 @@
---

18
ansible/tasks/setup_sshwifty.yml
View file

@ -1,4 +1,20 @@
---
# - name: Check sshwifty_* variables are not empty
# assert:
# that:
# sshwifty_configuration_directory
# sshwifty_hostname
# sshwifty_public_port
# sshwifty_shared_key
# sshwifty_authentication
# sshwifty_ssh_password
# sshwifty_ssh_user
# sshwifty_internal_port
# sshwifty_configuration_directory
# sshwifty_work_directory
# sshwifty_gateway_access
# msg: ""
- name: Install required system packages
ansible.builtin.apt:
name:
@ -43,7 +59,7 @@
- name: Run SSHwifty
community.docker.docker_compose:
project_src: "{{ sshwifty_work_directory }}"
recreate: smart
recreate: always
state: present
#

66
ansible/templates/sshwifty.conf-with-gateway.j2 Normal file
View file

@ -0,0 +1,66 @@
{# vim: set ts=2 sw=2 et ft=jinja2,json : #}
{
{# "HostName": "localhost", #}
"SharedKey": "{{ sshwifty_shared_key }}",
"DialTimeout": 10,
"Servers": [
{
"ListenInterface": "0.0.0.0",
"ListenPort": 8182,
"InitialTimeout": 3,
"ReadTimeout": 60,
"WriteTimeout": 60,
"HeartbeatTimeout": 20,
"ReadDelay": 10,
"WriteDelay": 10 {# , #}
{# "TLSCertificateFile": "", #}
{# "TLSCertificateKeyFile": "" #}
}
],
"Presets": [
{% for host in groups['role_mongo'] %}
{% set server_group_id = loop.index0 // mongo_replicas_count %}
{% set server_index = loop.index0 % mongo_replicas_count %}
{% set server_ip_addr = hostvars[host]['ansible_facts']['default_ipv4']['address'] %}
{% if server_group_id == mongo_group_id %}
{
"Title": "Group {{ server_group_id }} - Server {{ server_index }} ({{ host }})",
"Type": "SSH",
"Host": "{{ server_ip_addr }}:22",
"Meta": {
"User": "{{ sshwifty_ssh_user }}",
{% if "password" == sshwifty_authentication | lower %}
"Authentication": "Password",
"Password": "{{ sshwifty_ssh_password }}",
{% else %}
"Authentication": "Private Key",
"Private Key": "file://{{ sshwifty_ssh_private_key }}",
{% endif %}
{# "Fingerprint": home"SHA256:bgO...." #}
"Encoding": "utf-8"
}
}{% if not loop.last %},{% endif %}
{% endif %}
{% endfor %}
{#
{
"Title": "Group {{ mongo_group_id }} - Gateway ({{ ansible_facts['hostname'] }})",
"Type": "SSH",
"Host": "{{ ansible_ssh_host }}:22",
"Meta": {
"User": "{{ sshwifty_ssh_user }}",
{% if "password" == sshwifty_authentication | lower %}
"Authentication": "Password",
"Password": "{{ sshwifty_ssh_password }}",
{% else %}
"Authentication": "Private Key",
"Private Key": "file://{{ sshwifty_ssh_private_key }}",
{% endif %}
{# "Fingerprint": "SHA256:bgO...." #}
"Encoding": "utf-8"
}
}
#}
],
"OnlyAllowPresetRemotes": true
}

32
ansible/templates/sshwifty.conf.j2
View file

@ -1,4 +1,4 @@
{# vim: set ts=2 sw=2 et ft=jinja2,json : #}
{# vim: set ts=2 sw=2 et ft=jinja2 : #}
{
{# "HostName": "localhost", #}
"SharedKey": "{{ sshwifty_shared_key }}",
@ -18,47 +18,49 @@
}
],
"Presets": [
{% for host in groups['role_mongo'] %}
{% set server_group_id = loop.index0 // mongo_replicas_count %}
{% set server_index = loop.index0 % mongo_replicas_count %}
{% set server_ip_addr = hostvars[host]['ansible_facts']['default_ipv4']['address'] %}
{% if server_group_id == mongo_group_id %}
{%- for host in groups['role_mongo'] -%}
{%- set server_group_id = loop.index0 // mongo_replicas_count -%}
{%- set server_index = loop.index0 % mongo_replicas_count -%}
{%- set server_ip_addr = hostvars[host]['ansible_facts']['default_ipv4']['address'] -%}
{%- if server_group_id == mongo_group_id -%}
{
"Title": "Group {{ server_group_id }} - Server {{ server_index }} ({{ host }})",
"Type": "SSH",
"Host": "{{ server_ip_addr }}:22",
"Meta": {
"User": "{{ sshwifty_ssh_user }}",
{% if "password" == sshwifty_authentication | lower %}
{%- if "password" == sshwifty_authentication | lower -%}
"Authentication": "Password",
"Password": "{{ sshwifty_ssh_password }}",
{% else %}
{%- else -%}
"Authentication": "Private Key",
"Private Key": "file://{{ sshwifty_ssh_private_key }}",
{% endif %}
{%- endif -%}
{# "Fingerprint": home"SHA256:bgO...." #}
"Encoding": "utf-8"
}
},
{% endif %}
{% endfor %}
}{%- if sshwifty_gateway_access or (server_index + 1) < mongo_replicas_count -%},{%- endif -%}
{%- endif -%}
{%- endfor -%}
{%- if sshwifty_gateway_access -%}
{
"Title": "Group {{ mongo_group_id }} - Gateway ({{ ansible_facts['hostname'] }})",
"Type": "SSH",
"Host": "{{ ansible_ssh_host }}:22",
"Meta": {
"User": "{{ sshwifty_ssh_user }}",
{% if "password" == sshwifty_authentication | lower %}
{%- if "password" == sshwifty_authentication | lower -%}
"Authentication": "Password",
"Password": "{{ sshwifty_ssh_password }}",
{% else %}
{%- else -%}
"Authentication": "Private Key",
"Private Key": "file://{{ sshwifty_ssh_private_key }}",
{% endif %}
{%- endif -%}
{# "Fingerprint": "SHA256:bgO...." #}
"Encoding": "utf-8"
}
}
{%- endif -%}
],
"OnlyAllowPresetRemotes": true
}